Montréal Qu
Download
1 / 152

- PowerPoint PPT Presentation


  • 100 Views
  • Uploaded on

Montréal Qu é bec 13 September 2011. Self Introductions. Name? Organization? ARIN topic that you are especially interested in?. History of ARIN and Internet Governance. Einar Bohlin Senior Policy Analyst. What is an RIR?.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about '' - verda


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Montr al qu bec 13 september 2011

Montréal Québec

13 September 2011


Self introductions
Self Introductions

  • Name?

  • Organization?

  • ARIN topic that you are especially interested in?


Montr al qu bec 13 september 2011

History of ARIN and Internet Governance

Einar Bohlin

Senior Policy Analyst


What is an rir
What is an RIR?

  • An RIR is an organization that manages the allocation and registration of Internet number resources within a particular region of the world.

    • Internet number resources include IP addresses and autonomous system (AS) numbers.



Historical timeline
Historical Timeline

Government Oversight

InterNIC

DDN NIC

DDN NIC

DDN NIC


Historical timeline1
Historical Timeline

Community Oversight




Number resource organization
Number Resource Organization

The NRO exists to protect the unallocated number resource pool, to promote and protect the bottom-up policy development process, and to act as a focal point for Internet community input into

the RIR system.



Number resource provisioning hierarchy
Number Resource Provisioning Hierarchy

ICANN / IANA

(Internet Assigned Numbers Authority)

Manage global unallocated IP address pool

Allocate

RIRs

(AfriNIC, APNIC, ARIN, LACNIC, RIPE NCC)

Manage regional unallocated IP address pool

Allocate

Assign

ISPs

End Users

Re-Allocate

Re-Assign

End Users

ISPs



Montr al qu bec 13 september 2011

"Applying the principles of stewardship, ARIN, a nonprofit corporation, allocates Internet Protocol resources; develops consensus-based policies; and facilitates the advancement of the Internet through information and educational outreach."


About arin
About ARIN corporation, allocates Internet Protocol resources; develops consensus-based policies; and facilitates the advancement of the Internet through information and educational outreach."

  • One of five Regional Internet Registries (RIRs)

  • Established December 1997

  • Provides services related to the technical coordination and management of Internet number resources

  • Services the US, Canada, and 22 economies in the Caribbean

  • Is a non-profit, community-based organization governed by a member-elected executive board


Arin s service region
ARIN corporation, allocates Internet Protocol resources; develops consensus-based policies; and facilitates the advancement of the Internet through information and educational outreach."’s Service Region

ARIN’s region includesCanada, many Caribbean and North Atlantic islands, and the United States.


Arin s core services
ARIN corporation, allocates Internet Protocol resources; develops consensus-based policies; and facilitates the advancement of the Internet through information and educational outreach."’s Core Services

  • Like the other RIRs, ARIN:

    • Allocates and assigns Internet number resources

    • Maintains Whois, in-addr.arpa, and other technical services

    • Facilitates policy development

    • Provides training, education and outreach

    • Participates in the global Internet community


Arin on social media
ARIN on Social Media corporation, allocates Internet Protocol resources; develops consensus-based policies; and facilitates the advancement of the Internet through information and educational outreach."

www.TeamARIN.net

www.facebook.com/TeamARIN

www.twitter.com/TeamARIN

www.linkedin.com/groups?gid=834217

www.youtube.com/TeamARIN


Montr al qu bec 13 september 2011
Q&A corporation, allocates Internet Protocol resources; develops consensus-based policies; and facilitates the advancement of the Internet through information and educational outreach."


Requesting and managing internet number resources through arin online

Requesting and Managing Internet Number Resources through ARIN Online

Jon Worley

Senior Resource Analyst


Overview
Overview ARIN Online

  • Request and Manage Number Resources

    • Recently Added ARIN Online Functionality

    • RESTful Provisioning

  • Recently Implemented Policies

  • Status of IPv4

  • Future Services


Major changes in functionality
Major Changes in Functionality ARIN Online

  • Reverse DNS Zone Management

  • DNSSEC

  • Resource Requests

  • POC Validation

  • View Invoices


Reverse dns
Reverse DNS ARIN Online

  • All reverse zones managed individually now

  • All zone management takes place inside ARIN Online or via REST calls (no templates!)




Querying arin s whois
Querying ARIN ARIN Online’s Whois

Query for the zone directly:

whois> 81.147.204.in-addr.arpa

Name: 81.147.204.in-addr.arpa.

Updated: 2006-05-15

NameServer: AUTHNS2.DNVR.QWEST.NET

NameServer: AUTHNS3.STTL.QWEST.NET

NameServer: AUTHNS1.MPLS.QWEST.NET

Ref: http://whois.arin.net/rest/rdns/81.147.204.in-addr.arpa.


Reverse dns1
Reverse DNS ARIN Online

  • ARIN issues blocks without any working DNS

    • Must establish delegations after registration


Reverse dns2
Reverse DNS ARIN Online

  • Authority to manage reverse zones follows SWIP

    • “Shared Authority” model


Reverse dns shared authority
Reverse DNS - Shared Authority ARIN Online

Joe’s Bar and Grill has reassigned a /24 to HELLO WORLD. Both can manage the

/24 zone.


Dnssec
DNSSEC ARIN Online

  • Same interface as reverse DNS

  • DS records generated by user

  • Zone must have nameservers before you can add DS records


Montr al qu bec 13 september 2011


Requesting ip addresses asns
Requesting IP addresses & ASNs ARIN Online

  • Via ARIN Online only

  • Officer attestation for IP requests now done via a signed form (instead of email)

  • Can no longer specify resource POCs or reverse DNS delegation in request


Annual poc validation
Annual POC Validation ARIN Online

  • Annual validation of each POC handle required (NRPM 3.6)

  • If an ARIN Online account is linked to any POC that has been unvalidated for 60+ days, the system forces validation by preventing the account from performing normal actions.


View invoices
View Invoices ARIN Online

  • Can now view paid and open invoices via ARIN Online

  • Goes back 2 years

  • Available to Admin, Tech, and Billing POC


Template changes
Template Changes ARIN Online

  • Resource request templates deprecated

  • Transfers and SWIPs still done with templates

  • API key required to authorize processing

    • Generated via ARIN Online

    • https://www.arin.net/features/api_keys.html


Restful interface
RESTful Interface ARIN Online

  • Programmatic way to interact with ARIN

    • Intended to be used for automation

    • Not meant to be used by humans

  • Useful for ISPs that manage a large number of SWIP records

  • Requires an investment of time to achieve those benefits


Example reassign detailed
Example – Reassign Detailed ARIN Online

  • Your automated system issues a PUT call to ARIN using the following URL:

https://www.arin.net/rest/net/NET-10-129-0-0-1/reassign?apikey=API-1234-5678-9ABC-DEFG

<net xmlns="http://www.arin.net/regrws/core/v1" >      <version>4</version>      <comment></comment>      <registrationDate></registrationDate>      <orgHandle>HW-1</orgHandle>      <handle></handle>      <netBlocks>            <netBlock>                  <type>A</type>                  <description>Reassigned</description>                  <startAddress>10.129.0.0</startAddress>                  <endAddress>10.129.0.255</endAddress>                  <cidrLength>24</cidrLength>            </netBlock>      </netBlocks>      <parentNetHandle>NET-10-129-0-0-1</parentNetHandle>      <netName>HELLOWORLD</netName>      <originASes></originASes>      <pocLinks></pocLinks></net>

The call contains the following data:


Example reassign detailed1
Example – Reassign Detailed ARIN Online

ARIN’s web server returns the following to your automated system:

<net xmlns="http://www.arin.net/regrws/core/v1" >

<version>4</version>

<comment></comment>

<registrationDate>Tue Jan 25 16:17:18 EST 2011</registrationDate>

<orgHandle>HW-1</orgHandle>

<handle>NET-10-129-0-0-2</handle>

<netBlocks>

<netBlock>

<type>A</type>

<description>Reassigned</description>

<startAddress>10.129.0.0</startAddress>

<endAddress>10.129.0.255</endAddress>

<cidrLength>24</cidrLength>

</netBlock>

</netBlocks>

<parentNetHandle>NET-10-129-0-0-1</parentNetHandle>

<netName>netName>HELLOWORLD</netName>

<originASes></originASes>

<pocLinks></pocLinks>

</net>

Reg date and net handle added


Other restful notes
Other RESTful Notes ARIN Online

  • IPv6 Reassign Simple available only through the RESTful interface

  • Still operating RESTful beta site as a test bed

    • Must request access


Obtaining restful assistance
Obtaining RESTful Assistance ARIN Online

  • ARIN Online’s ASK ARIN feature

  • arin-tech-discuss mailing list

    • Make sure to subscribe

    • Someone on the list will help you ASAP

  • Registration Services Help Desk telephone not a good fit

    • Debugging these problems requires a detailed look at the method, URL, and payload being used



3 month supply for isps
3 Month Supply For ISPs ARIN Online

  • Prior to IANA IPv4 exhaustion, experienced ISPs could get a 12 month supply

  • Dropped to 3 month supply immediately upon IANA exhaustion

  • Still computed based on demonstrated utilization rate


Ipv6 end user changes
IPv6 End-user Changes ARIN Online

  • Before: Block size based on HD-Ratio

    • Complex (used logarithms)

  • After: Block size based solely on number of sites within a network


Results of end user policy change
Results of End-user Policy Change ARIN Online

Small uptick in large blocks, but majority still /48


Better ipv6 allocation for isps
Better IPv6 Allocation for ISPs ARIN Online

  • To be implemented no later than 15 February 2012

  • Allows ISPs to have uniform subnets

    • Each “serving site” gets a block large enough to number the largest serving site

    • Must be nibble-aligned: /48, /44, /40, etc


Example
Example ARIN Online

  • An ISP has 37 PoPs

    • The largest PoP has 1,084 customers

    • Wants to assign a /48 to each customer

  • /37 smallest block that has 1,084 /48s (2,048)

  • Each of the 37 PoPs gets a /36 (round to nibble)

  • Smallest block that contains 37 /36s is a /30 (64 /36s)

  • ISP A gets a /28 (round to nibble)


Standardize ip reassignment registration requirements
Standardize IP Reassignment Registration Requirements ARIN Online

  • To be implemented by 30 September 2011

  • Abuse contact will be required for all ORGs

  • New policies for ISPs with residential customers that dynamically draw IP addresses from pools

    • must submit SWIP information for each market area

    • must show 80% assigned with a 50-80% utilization rate across markets

  • IPv6 /64 and larger static reassignments must be visible via SWIP/RWhois


Ipv6 subsequent allocations for transitional technologies
IPv6 Subsequent Allocations for Transitional Technologies ARIN Online

  • ISPs with an initial allocation for native IPv6 can request a separate block to be used for IPv4 -> IPv6 transitional technology

    • 6rd is the most common example, but the policy doesn’t specify a technology

  • /24 maximum allocation

    • Allows a typical ISP to map a /56 to each of their existing IPv4 addresses in a 6rd deployment


Simplified m a transfers
Simplified M&A Transfers ARIN Online

  • If resources are no longer justified, ARIN will work with you to get back into compliance

  • If resources are underused, ARIN will work with you on a plan to regain compliance via growth or return


Future services
Future Services ARIN Online

  • RPKI in development

    • Cryptographically authenticate registration authority

  • Routing registry changes

    • Better authentication (currently use only mail-from)

  • Increased functionality in ARIN Online


Montr al qu bec 13 september 2011
Q&A ARIN Online


Montr al qu bec 13 september 2011

Changes at ARIN—Not your Grandpa ARIN Online’s RIR anymore (RPKI, DNSSEC, etc.)

Andy Newton

Chief Engineer


Agenda
Agenda ARIN Online

  • DNSSEC – a brief update

  • RPKI – the major focus

    • What is it

    • What it will look like within ARIN Online


Why are dnssec and rpki important
Why are DNSSEC and RPKI Important? ARIN Online

  • Two critical resources

    • DNS

    • Routing

  • Hard to tell when resource is compromised

  • Focus of Government funding - DHS


What is dnssec
What is DNSSEC? ARIN Online

  • DNS responses are not secure

    • Easy to Spoof

    • Examples of malicious attacks

  • DNSSEC attaches signatures

    • Validates responses

    • Can not Spoof


Changes required to make dnssec work
Changes Required to make DNSSEC work ARIN Online

  • Transfer of in-addr.arpa to ICANN

  • Moving Nameservers for in-addr.arpa from the roots to RIR-managed systems

  • Signing in-addr.arpa, ip6.arpa and delegations that ARIN manages

  • Provisioning of DS Records

    • ARIN Online

    • RESTful Interface (just deployed on July 23)



Montr al qu bec 13 september 2011
Demo ARIN Online

  • Movie from https://www.arin.net/knowledge/dnssec/


Rpki pilot
RPKI Pilot ARIN Online

  • Available since June 2009

    • http://rpki-pilot.arin.net

    • ARIN-branded version of RIPE NCC software

  • 46 organizations participating

  • #2 (behind RIPE) on prefixes/roas


What is rpki
What is RPKI? ARIN Online

  • Attaches certificates to network resources

    • AS Numbers

    • IP Addresses

  • Allows ISPs to associate the two

    • Route Origin Authorizations (ROAs)

    • Follow the allocation chain to the top


What is rpki1
What is RPKI? ARIN Online

  • Allows routers to validate Origins

  • Start of validated routing

  • Need minimal bootstrap info

    • Trust Anchors

    • Lots of focus on Trust Anchors


What does rpki create
What does RPKI Create? ARIN Online

  • It creates a repository

    • RFC 3779 Certs

    • ROAs

    • CRLS

    • Manifest records

    • Ghostbusters support


Repository view
Repository View ARIN Online

./ba/03a5be-ddf6-4340-a1f9-1ad3f2c39ee6/1:

total 40

-rw-r--r-- 1 markk markk 1543 Jun 26 2009 ICcaIRKhGHJ-TgUZv8GRKqkidR4.roa

-rw-r--r-- 1 markk markk 1403 Jun 26 2009 cKxLCU94umS-qD4DOOkAK0M2US0.cer

-rw-r--r-- 1 markk markk 485 Jun 26 2009 dSmerM6uJGLWMMQTl2esy4xyUAA.crl

-rw-r--r-- 1 markk markk 1882 Jun 26 2009 dSmerM6uJGLWMMQTl2esy4xyUAA.mnf

-rw-r--r-- 1 markk markk 1542 Jun 26 2009 nB0gDFtWffKk4VWgln-12pdFtE8.roa


Repository use
Repository Use ARIN Online

  • Pull down these files using “rcynic”

  • Validate the ROAs contained in the repository

  • Communicate with the router marking routes “valid”, “invalid”, “unknown”

  • Up to ISP to use local policy on how to route


Possible flow
Possible Flow ARIN Online

  • RPKI web interface -> repository

  • Repository aggregator -> validator

  • Validated entries -> route checking

  • Route checking results -> local routing decisions (based on local policy)


Resource cert validation
Resource Cert Validation ARIN Online

IANA

Resource Allocation Hierarchy

AFRINIC

RIPE NCC

APNIC

ARIN

LACNIC

Issued Certificates

Route Origination Authority

“ISP4 permits AS65000 to originate a route for the prefix 192.2.200.0/24”

Attachment: <isp4-ee-cert>

Signed,

ISP4 <isp4-ee-key-priv>

LIR1

ISP2

ISP

ISP

ISP

ISP4

ISP

ISP

ISP


Resource cert validation1
Resource Cert Validation ARIN Online

Resource Allocation Hierarchy

IANA

AFRINIC

RIPE NCC

APNIC

ARIN

LACNIC

Issued Certificates

LIR1

NIR2

Route Origination Authority

“ISP4 permits AS65000 to originate a route for the prefix 192.2.200.0/24”

Attachment: <isp4-ee-cert>

Signed,

ISP4 <isp4-ee-key-priv>

ISP

ISP

ISP

ISP4

ISP

ISP

ISP

1. Did the matching private key sign this text?


Resource cert validation2
Resource Cert Validation ARIN Online

Resource Allocation Hierarchy

IANA

AFRINIC

RIPE NCC

APNIC

ARIN

LACNIC

Issued Certificates

Route Origination Authority

“ISP4 permits AS65000 to originate a route for the prefix 192.2.200.0/24”

Attachment: <isp4-ee-cert>

Signed,

ISP4 <isp4-ee-key-priv>

LIR1

ISP2

ISP

ISP

ISP

ISP4

ISP

ISP

ISP

2. Is this certificate valid?


Resource cert validation3
Resource Cert Validation ARIN Online

Resource Allocation Hierarchy

IANA

AFRINIC

RIPE NCC

APNIC

ARIN

LACNIC

Issued Certificates

Route Origination Authority

“ISP4 permits AS65000 to originate a route for the prefix 192.2.200.0/24”

Attachment: <isp4-ee-cert>

Signed,

ISP4 <isp4-ee-key-priv>

LIR1

ISP2

ISP

ISP

ISP

ISP4

ISP

ISP

ISP

3. Is there a valid certificate path from a Trust Anchor to this certificate?


Why is rpki taking awhile
Why is RPKI taking awhile? ARIN Online

  • Intense review of liabilities by legal team and Board of Trustees created additional requirements at ARIN XXVI

  • Two new big requirements

    • Non-repudiation in ROA generation for hosted CAs

    • Thwart “Evil Mark” (rogue employee) from making changes


General architecture of rpki registration interface
General Architecture of RPKI Registration Interface ARIN Online

ARIN Online

Database Persistence

RPKI Engine

HSM

Tight coupling between resource certificate/ROA entities and registration dataset at the database layer. Once certs/ROAs are created, they must be maintained if the registered dependents are changed.


Development before arin xxvi
Development before ARIN XXVI ARIN Online

With a few finishing touches, ready to go Jan 1, 2011 with Hosted Model, Delegated Model to follow end of Q1.

ARIN Online

Highly influenced by RIPE NCC entities.

Database Persistence

RPKI Engine

RIPE NCC RPKI Engine with a few tweaks.

HSM

Sun SCA 6000

Everything is Java, JBoss, Hibernate.


Changes underway since arin xxvi
Changes Underway Since ARIN XXVI ARIN Online

In-browser ROA request signing via AJAX.

ARIN Online

Message driven engine which delegates to the HSM.

Database Persistence

RPKI Engine

Minor

changes.

HSM

Custom programming on IBM 4764’s to enable all DER encoding and crypto.

HSM coding is in C as extensions to IBM CCA. Libtasn1 used for DER coding.



Updates within rpki outside of arin
Updates within RPKI outside of ARIN ARIN Online

  • The four other RIRs are in production with Hosted CA services

  • Major routing vendor support being tested

  • Announcement of public domain routing code support


Arin status
ARIN Status ARIN Online

  • Hosted CA anticipated by end of October at the earliest

  • We intend to add up/down code required for delegated model after Hosted CA completed


Why is this important
Why is this important? ARIN Online

  • Provides more credibility to identify resource holders

  • Helps in the transfer market identify real resource holders

  • Bootstraps routing security


Montr al qu bec 13 september 2011
Q&A ARIN Online


Montr al qu bec 13 september 2011

ARIN RESTful Web Services ARIN Online

Andy Newton

Chief Engineer


Rest the new services
REST ARIN Online – The New Services

  • Three RESTful Web Services

    • Whois-RWS

      • Exposes our public Whois data via REST

    • Reg-RWS (or Registration-RWS)

      • Registration and maintenance of your data in a programmatic fashion

    • Bulk Whois

      • Download of Bulk Whois is now down RESTfully


What is rest
What is REST? ARIN Online

  • Representation State Transfer

  • As applied to web services

    • defines a pattern of usage with HTTP to create, read, update, and delete (CRUD) data

    • “Resources” are addressable in URLs

  • Very popular protocol model

    • Amazon S3, Yahoo & Google services, …


The big advantage of rest
The BIG Advantage of REST ARIN Online

  • Easily understood

    • Any modern programmer can incorporate it

    • Can look like web pages

  • Re-uses HTTP in a simple manner

    • Many, many clients

    • Other HTTP advantages

  • This is why it is very, very popular with Google, Amazon, Yahoo, Twitter, Facebook, YouTube, Flickr, …


What does it look like and who can use it
What does it look like? ARIN OnlineAnd who can use it?

Where the data is.

What type of data it is.

The ID of the data.

http://whois.arin.net/rest/poc/KOSTE-ARIN

It is a standard URL.

Go ahead, put it into your browser.


Where can more information on rest be found
Where can more information on REST be found? ARIN Online

  • RESTful Web Services

    • O’Reilly Media

    • Leonard Richardson

    • Sam Ruby


Whois rws
Whois-RWS ARIN Online

  • Publicly Accessible, just like traditional Whois

  • Searches and lookups on IP addresses, AS numbers, POCs, Orgs, etc…

  • Very popular

    • As of March, 2011, constitutes 40% of our query load

  • For more information:

    • https://www.arin.net/resources/whoisrws/index.html


Reg rws
Reg-RWS ARIN Online

  • Requires an API Key

    • You generate one in ARIN Online

  • Register and manage your data

    • But only your data

  • More information

    • https://www.arin.net/resources/restful-interfaces.html

    • We are working on enhanced documentation – to be released soonish


Reg rws has more than templates
Reg-RWS Has More Than Templates ARIN Online

  • Only programmatic way to do IPv6 Reassign Simple

  • Only programmatic way to manage Reverse DNS

  • Only programmatic way to access you ARIN tickets


Testing your reg rws client
Testing Your Reg-RWS Client ARIN Online

  • We offer an Operational Test & Evaluation environment for Reg-RWS

  • Your real data, but isolated

    • Helps you develop against a real system without the worry that real data could get corrupted.

  • For more information:

    • https://www.arin.net/announcements/2011/20110215.html


Bulk whois
Bulk Whois ARIN Online

  • You must first sign an AUP

    • ARIN staff will review your need to access bulk Whois data

  • Also requires an API Key

  • More information

    • https://www.arin.net/resources/request/bulkwhois.html


Arin provided libraries
ARIN Provided Libraries ARIN Online

  • We will soon have some code you can use

  • Reg-RWS Java library

    • Used by ARIN internally

    • Will be released upon completion of documentation

  • ARINr

    • Set of Ruby libraries used to prove out our service

    • To be released soon under BSD license

      • “Alpha” quality, seeking community involvement

    • Targets Whois-RWS and Reg-RWS

    • For the command-line oriented power users


Obtaining restful assistance1
Obtaining RESTful Assistance ARIN Online

  • ARIN Online’s ASK ARIN feature

  • arin-tech-discuss mailing list

    • Make sure to subscribe

    • Someone on the list will help you ASAP

  • Registration Services Help Desk telephone not a good fit

    • Debugging these problems requires a detailed look at the method, URL, and payload being used


Montr al qu bec 13 september 2011
Q&A ARIN Online


Current status of ipv4 and ipv6 in the arin region

Current Status of IPv4 and ARIN OnlineIPv6 in the ARIN region

Jon Worley

Senior Resource Analyst


Inventory report
Inventory Report ARIN Online

  • IANA IPv4 free pool now exhausted

    • ARIN received its last /8 from IANA in mid-February

  • At that time, ARIN had ~5.49 /8 equivalents in its available pool

  • Daily inventory published on ARIN’s web site



Ipv4 holdings profile
IPv4 Holdings Profile ARIN Online

1.5% of the subscriber Org IDs hold 80% of the non-legacy IPv4 addresses

The remaining 98.5% of the Org IDs hold 20% of the non-legacy IPv4 addresses


The obvious question
The Obvious Question ARIN Online

  • How long will ARIN’s IPv4 inventory last?

  • ARIN doesn’t make projections

  • Why not?

    • Past performance doesn’t always predict the future

    • Potential game-changing requests

    • Projections are interpreted as assurances of availability


The reality we have no idea
The Reality – ARIN OnlineWe Have No Idea

  • Network operators may:

    • become more efficient

    • continue to consume at the same rate

    • consume at a faster rate

  • IPv4 availability cannot be guaranteed because IPv4 free pool exhaustion cannot be accurately predicted


Ipv4 churn
IPv4 Churn ARIN Online

  • ARIN does get back IPv4 addresses through returns, revocations, and reclamations

    • Return = voluntary

    • Revoke = for cause (usually nonpayment)

    • Reclaimed = fraud or business dissolution

  • From 1/1/2005 to 3/31/2011, ARIN got ~585 /16 equivalents back


Post depletion world
Post-Depletion World ARIN Online

  • While availability of IPv4 addresses cannot be assured, there will be ways network operators may be able to obtain additional IPv4 addresses

    • Transfers to Specified Recipients

    • Specified Transfer Listing Service (STLS)

    • Waiting List for Unmet IPv4 Requests


Transfers to specified recipients
Transfers to Specified Recipients ARIN Online

  • Resources no longer required to be under RSA

  • If resources are not maintained under RSA, verification of title may take some time

  • Attestation from officer required if resources not under LRSA/RSA

  • RSA coverage = smoother transfer


Montr al qu bec 13 september 2011
STLS ARIN Online

  • Listers: have available IPv4 addresses

  • Needers: looking for more IPv4 addresses

  • Facilitators: available to help listers and needers find each other


Waiting list for unmet ipv4 requests
Waiting List for Unmet IPv4 Requests ARIN Online

  • Policy initiative

  • Starts when ARIN can’t fill a justified request

  • Option to specify smallest acceptable size

  • If no block available between approved and smallest acceptable size, option to go on the waiting list

  • May receive only one allocation every three months


Ipv4 vs ipv6 subscribers
IPv4 vs IPv6 Subscribers ARIN Online

*as of Aug 1, 2011

  • 3,711 IPv4 ISP subscribers today

    • 2,478 (67%) do not have an IPv6 allocation.


Montr al qu bec 13 september 2011

of IPv4 ARIN Online




Who are the players in the transition to ipv6
Who Are the Players in the Transition to IPv6? ARIN Online

  • Broadband Access Providers

  • Internet Service Providers

  • Internet Content Providers

  • Enterprise Customers

  • Equipment Vendors

  • Government Organizations


Ipv6 adoption needs
IPv6 Adoption Needs ARIN Online

  • IPv6 address space

  • IPv6 connectivity (native or tunneled)

  • Operating systems, software, and network management tool upgrades

  • Router, firewall, and other hardware upgrades

  • IT staff and customer service training


Ipv4 ipv6 the bottom line

IPv4 is depleting quickly; ARIN Online IPv6 must be adopted for continued Internet growth

IPv6 is not backwards compatible with IPv4; for the foreseeable future, the Internet must run both IP versions (IPv4 & IPv6) at the same time

Deployment is already underway: Today, there are organizations attempting to reach your mail, web, and application servers via IPv6…

IPv4 & IPv6 - The Bottom Line


Resources
Resources ARIN Online

  • IPv6 Info Center www.arin.net/knowledge/ipv6_info_center.html

    • Community Use Slide Deck

    • ARIN IPv6 Board Resolution

    • IPv6 Letter to CEOs

  • IPv6 Wiki www.getipv6.info

  • Knowledgewww.arin.net/knowledge/

  • Outreach Micrositewww.TeamARIN.net

  • Social Media at ARINwww.arin.net/social.html


Montr al qu bec 13 september 2011
Q&A ARIN Online


Montr al qu bec 13 september 2011

ARIN ARIN Online’s Policy

Development Process

Einar Bohlin

Senior Policy Analyst


Policy development process pdp
Policy Development Process ARIN Online(PDP)

Flowchart

Proposal Template

Archive

Movie

https://www.arin.net/policy/pdp.html


Policy development principles
Policy Development Principles ARIN Online

Open

  • Developed in open forum

    • Public Policy Mailing List

    • Public Policy Meetings

  • Anyone can participate

    Transparent

  • All aspects documented and available on website

    • Policy process, meetings, and policies

      Bottom-up

  • Policies developed by the community

  • Staff implements, but does not make policy


Who plays a role in the policy process
Who Plays a Role in the Policy Process? ARIN Online

Community

  • Submit proposals

  • Participate in discussions and petitions

    Advisory Council (elected volunteers)

  • Facilitate the policy process

  • Develop policy that is “clear, technically sound and useful”

  • Determine consensus based on community input


Roles
Roles… ARIN Online

ARIN Board of Trustees (elected volunteers)

  • Provide corporate fiduciary oversight

  • Ensure the policy process has been followed

  • Ratify policies

    ARIN Staff

  • Provide feedback to community

    • Staff and legal assessments for all proposals

    • Policy experience reports

  • Implement ratified policies


Basic steps
Basic Steps ARIN Online

Community member submits a proposal

Community discusses the proposal on the “List”

AC creates a draft policy or abandons the proposal

Community discusses the draft policy on the “List” and at the meeting

AC conducts its consensus review

Community performs last call

Board adopts

Staff implements


Petitions
Petitions ARIN Online

*8 petitions to date

Anyone dissatisfied with a decision by the AC can petition in order to keep a proposal moving forward

  • Occurs between proposal and draft policy stage

  • 5 day petition period

  • Needs 10 different people from 10 different organizations to publicly support the petition


Number resource policy manual
Number Resource Policy Manual ARIN Online

  • Contains

  • Change Logs

  • Available as PDF

  • Index

https://www.arin.net/policy/nrpm.html

NRPM is ARIN’s policy document

  • Version 2011.3 (27 July 2011)

  • 23rd version


Policies in the nrpm
Policies in the NRPM ARIN Online

IPv4 Address Space

IPv6 Address Space

Autonomous System Numbers (ASNs)

Directory Services (WHOIS)

Reverse DNS (in-addr)

Transfers

Experimental Assignments

Resource Review Policy


References
References ARIN Online

Policy Development Processhttps://www.arin.net/policy/pdp.html

Draft Policies and Proposalshttps://www.arin.net/policy/proposals/index.html

Number Resource Policy Manualhttps://www.arin.net/policy/nrpm.html



Current draft policies and proposals
Current Draft Policies and Proposals ARIN Online

  • 9 Active Draft Policies

  • 3 Policy Proposals


Draft policies
Draft Policies ARIN Online

  • ARIN-2011-1: Globally Coordinated Transfer Policy

    • Would allow transfers to/from the ARIN region

      • The two RIRs must have compatible transfer policy

      • Need required (transfers are needs-based)

  • ARIN-2011-5: Shared Transition Space for IPv4 Address Extension

    • Creates an IPv4 /10 to be shared (eg. draft-shirasaki-nat444-03 )

    • Under Board review. Board asked ARIN to work with the IETF/IAB.


Draft policies1
Draft Policies… ARIN Online

  • ARIN-2011-7: Compliance Requirement

    • Ensures that ISPs maintain accurate reassignment information

      • Enforcement via stopping reverse DNS services and possibly revocation

  • ARIN-2011-8: Combined M&A and Specified Transfers

    • Clarifies that organizations can perform both types of transfers at roughly the same time


Draft policies2
Draft Policies…. ARIN Online

  • ARIN-2011-9: Global Policy for post exhaustion IPv4 allocation mechanisms by the IANA

    • Instructs IANA to accept returned address space and reissue that space to the RIRs (a 1/5th portion to each RIR every 6 months)

  • ARIN-2011-10: Remove Single Aggregate Requirement from Specified Transfer

    • Removes “aggregate” language from the transfer policy (opposite of prop-153)


Draft policies3
Draft Policies….. ARIN Online

  • ARIN-2011-11: Clarify Justified Need for Transfers

    • Extends the 12-month supply period for address space to all specified transfers

  • ARIN-2011-12: Set Transfer Need to 24 months

    • Lengthens the supply period for specified transfers to 24 months

  • ARIN-2011-13: IPv4 Number Resources for Use Within Region

    • Address space issued solely for use in networks within the ARIN


Proposals
Proposals ARIN Online

  • ARIN-prop-151 Limiting Needs Requirements for IPv4 Transfers

    • Removes the needs-based evaluation from transfers to specified recipients

  • ARIN-prop-153 Correct Erroneous Syntax in NRPM 8.3

    • Changes the transfer policy so that only a single aggregate could be transferred (opposite of prop 144)

  • ARIN-prop-156 Update 8.3 to allow inter-RIR transfers

    • Would allow transfers to customers of other RIRs.

      • Request must meet both RIR’s policies


How can you get involved
How Can You Get Involved? ARIN Online

There are two methods to voice your opinion:

  • Public Policy Mailing List

  • Public Policy Meeting

    (in person or remote)


Arin meetings
ARIN Meetings ARIN Online

Two meetings a year

Check the ARIN Public Policy Meeting site 4-6 weeks prior to meeting

Proposals/Draft Policies on Agenda

Discussion Guide (summaries and text)

Attend in Person/Remote Participation

AC meeting last day

Watch list for AC’s decisions

Last Calls – For or against?


Public policy mailing list ppml
Public Policy Mailing List (PPML) ARIN Online

Open to anyone

Easy to subscribe to

Contains: ideas, proposals, draft policies, last calls, announcements of adoption and implementation, and petitions

Archives available

RSS feed available

https://www.arin.net/participate/mailing_lists/index.html


References1
References ARIN Online

  • Draft Policies & Proposals

    • https://www.arin.net/policy/proposals/index.html

  • ARIN Public Policy Mailing List

    • https://www.arin.net/participate/mailing_lists/index.html


Montr al qu bec 13 september 2011
Q&A ARIN Online



Learn more and get involved

Your participation ARIN Online

Important, critical, needed, appreciated…

Get Involved in ARIN

Public Policy Mailing List

ARIN Suggestion and Consultation Process

Member Elections

Public Policy and Member’s Meetings

http://www.arin.net/participate/

Learn More and Get Involved


Arin mailing lists

ARIN Mailing Lists ARIN Online

ARIN Consultation - arin-consult@arin.net

Open to the general public. Used in conjunction with the ARIN Consultation and Suggestion Process (ACSP) to gather comments, this list is only open when there is a call for comments

ARIN Issued - arin-issued@arin.net

Read-only list open to the general public. Used by ARIN staff to provide a daily report of IPv4 and IPv6 addresses returned and IPv4 and IPv6 addresses issued directly by ARIN or address blocks returned to ARIN's free pool.

ARIN Technical Discussions - arin-tech-discuss@arin.net

Open to the general public. Provided for those interested in providing technical feedback to ARIN on experiences in the use or evaluation of current ARIN services and features in development.

ARIN Mailing Lists

https://www.arin.net/participate/mailing_lists/index.html

ARIN Announce - arin-announce@arin.net

ARIN Discussion – arin-discuss@arin.net

ARIN Public Policy – arin-ppml@arin.net

ARIN Consultation – arin-consult@arin.net

ARIN Issued – arin-issued@arin.net

ARIN Technical Discussions - arin-tech-discuss@arin.net


Arin consultation and suggestion process
ARIN Consultation and Suggestion Process ARIN Online

  • Open for business September 2006

  • As of 31 August 2011

    • 14 community consultations

      • all closed

      • https://www.arin.net/participate/acsp/acsp_consultations.html

    • 145 suggestions

      • 14 remain open

      • https://www.arin.net/participate/acsp/acsp_suggestions.html


Board of trustees advisory council nro number council
Board of Trustees ARIN OnlineAdvisory CouncilNRO Number Council

  • General Member Eligibility Date (2011 Elections): 1 January 2011

  • Board, AC, and NRO Number Council Call for

  • Nominations: 25 July - 24 August

  • Deadline to Establish Voter Eligibility: 27 September

  • Board, AC, and NRO NC Final

  • Candidates Announced: 30 September

  • Elections held: 12-22 October

  • Three year terms begin: 1 January 2012


Next arin meetings
Next ARIN Meetings ARIN Online

  • Remote participation

  • Policy discussions

  • Tutorials

  • Social event

  • Adjacent to NANOG

Apply for the ARIN XXIX – Vancouver fellowship 23 Jan – 2 March 2012

https://www.arin.net/participate/meetings


Almost done
Almost done! ARIN Online

  • ARIN will waive the registration fee for today’s attendees for either ARIN Philadelphia or Vancouver

  • Survey

  • ARIN staff will be available until 4 PM


Montr al qu bec 13 september 2011
Q&A ARIN Online